Users: Access Control Levels

1012_doc_icon

Description:

This is an Information Page and does not relate to a specific menu function in Joomla! but it does relate to many aspects of Joomla!.

In order to understand the Joomla! Access Control List it is also necessary to consider the structure of a Joomla! web site as well.

Every Joomla! web site installation has two distinct access/content zones.

Front-end:

The first of these zones is the Front-end. Also known as the Public Front-End.

The Front-end is the web site that all visitors will see when they input the web site's URL address - whether this is on the Internet, or an Intranet, or a simple, local, standalone installation of Joomla!.

The Front-end includes the Front Page (home page) and is where all the web site Content Items, images, and the rest of the massive array of possible Content will be displayed and is accessible to the web site visitors.

Back-end:

The second zone is the Back-end. Also know as the Public Back-end, Administrator, Control Panel, and many other names.

The Back-end is the control room or flight deck of Joomla!. Here, all the software, functionality, and security of the Joomla! installation can be managed (in conjunction with the database and web server administration functions).

The Back-end is not available to public viewing. Normal visitors to the web site will not be able to view or access the settings or configuration of Joomla!.

To ensure that access to the two zones is kept separate Joomla! has two very separate classification levels of User Group that match these two zones. Within each classification level there are a number of User Groups.

In addition, there is a system for classifying the actual Content that each Group can view.

The following section on User Groups will clarify which User Group can access a particular Class of Content.

User Groups: 

Guest: Not a User Group per se, but included to assist in distinguishing between all users of the web site.

A Guest is anyone that is connected to the web site but NOT registered and/or logged in. A Guest only has access to the Front-end Content that has an Access Classification of Public.

Front-end User Groups

There are four Front-end User Groups available in a standard Joomla! installation:

Registered: The Registered User Group comprises those users who have completed the registration process.

As a Registered User they have the access permission to log in to the web site, view all Content that is Classified as Registered Access as well as Public Access Content.

By default Registered Users are able to configure their own User Profile, submit a Web Link, view/rate Content Items with a Registered Classification,

Author: The Author User Group inherits the access permissions of the Registered User Group and in addition, its members are allowed to create a new Content Item for the Front-end of the web site.

A new Menu Item link will need to be added to one of the web site Menus to allow the Author to access this function.

Editor: The Editor User Group inherits the access permissions of the Author User Group and, in addition, its members are allowed to edit all published Content Items for the Front-end of the web site, and to review and edit (where appropriate) any new Content Item that has yet to be published.

A new Menu Item link will need to be added to one of the web site Menus to allow the Editor to access any unpublished Content Items. These are created in the menu=>Menu Manager [menuname]->new Menu Item.

Publisher: The Publisher User Group inherits the access permissions of the Editor User Group, and in addition, its members are allowed to publish new Content Items to the Front-end of the web site. In addition the Publisher can control existing published Content Items and Unpublish them if necessary by direct entry into the Content Item itself.

A new Menu Item link will need to be added to one of the web site Menus to allow the Publisher to access any unpublished Content Items.These are created in the menu=>Menu Manager [menuname]->new Menu Item.

Back-end User Groups

There are three Back-end User Groups available in a standard Joomla! installation.

As administration User Groups they have the access permission to log in to the web site as well as to the Administrator Back-end - via a separate log in process. They can view all Content that is Classified as Registered Access, Public Access, as well as Special Access.

Manager: The Manager User Group inherits the access permissions of the Publisher User Group in the Front-end of the web site and, in addition, its members are allowed access to the Administrator Back-end (Control Panel) via a separate log in.

In the Control Panel a Manager can access the following Administrator Menus and associated functions:

  • Site:

    • Media Manager
    • Preview.
    • Statistics
  • Menu:
    • Access and edit existing Menus
  • Content:
    • Content by Section
    • All Content
    • Static Content Manager,
    • Section Manager,
    • Category Manager
    • Front Page Manager
    • Archives Manager.
    • Page Impressions
  • Help (general), including System Info.

Administrator: The Administrator User Group inherits the access permissions of the Manager User Group and in addition an Administrator has the following permissions:

  • Site:

    • Trash Manager,
    • User Manager (may create/edit/delete any user of the same level or below – all except Super Administrator.
  • Menu:
    • Menu Manager
  • Modules:
    • Site Modules
    • Administrator Modules
  • Components
    • Banners
    • Contacts
    • Mass Mail Not available although it appears in this menu
    • News Feeds
    • Polls
    • Syndicate
    • Web Links
  • Mambots:
    • Site Mambots
  • Installers
    • Components
    • Modules
    • Mambots

Super Administrator: The Super Administrator User Group has total access permission – that is for all Back-end administration and all Front-end functions.

All the functions accessed by the Administrator User Group plus:

  • Site:

    • Global Configuration
    • Language Manager
    • Template Manager
      • Site
      • Administration
    • User Manager (may create/edit any type of user, may delete any user except Super Administrator.

note711_smallNOTE: Super Administrators may be deleted directly from within the MySQL database;

  • Components:
    • Mass Mail
  • Messages:
    • Inbox
    • Configuration
  • System:
    • Version Check
    • Global Checkin
    • System Information

Content Access Classification:

In Joomla! Content is classified by who can view/access it. There are three levels of Content Access Classification:

  • Public - open to all visitors to the web site.

  • Registered - restricted to all seven Registered User Groups of the web site.
  • Special - restricted to all User Groups except Guest and Registered.

note711_smallNOTE: The Special Classification uses the individual Group's authority levels to determine precisely what Special Access is actually permitted.

Related Information:

User Manager

User Manager Add/Edit  


note icon NOTE: If you have any comments or suggestions regarding this Help screen then please post them in the Suggestions, Modifications, and Corrections forum in the User Documentation Work Group.

Thank you!

 

The User Documentation Team

Last Updated ( Monday, 09 April 2007 )